aspose file tools*
The moose likes Tomcat and the fly likes after JNDI realm Authentication, need further specificity on authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "after JNDI realm Authentication, need further specificity on authentication" Watch "after JNDI realm Authentication, need further specificity on authentication" New topic
Author

after JNDI realm Authentication, need further specificity on authentication

robyne vaughn
Ranch Hand

Joined: Jun 04, 2003
Posts: 38
I have a jndi realm set up in my tomcat 4.12 which is working and authenticates against microsoft's Active Directory Server. (not my choice, mandated)

Within that same context, I have a need to secure several programs to an administrator only and would rather not have to edit every one of them to programmatically check for the user who is trying to access them. In other words, some programs within the context will be available to everyone and some should only be available to the administrator.

Any clever ideas on how to go about this?

Here is my context from my server.xml:

<Context path="/mrcjava" docBase="/mrcjava" debug="0" reloadable="true" privileged="true">
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="mrcjava_log" suffix=".txt" timestamp="true"/>
<!-- Robyne's code: JNDI to ActiveDirectoryServer Authentication: -->
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://99.999.9.9:389"
connectionName="CN=name,OU=CO,dc=name1,dc=name2"
connectionPassword="password"
referrals="follow"
userBase="dc=name1,dc=name2"
userSearch="(&(sAMAccountName={0})(objectClass=user))"
userSubtree="true"
roleSearch="(uniqueMember={0})"
rolename="cn"
/>
</Context>


I wish I could add within the context this additional memory realm:

<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
debug="0" resourceName="UserDatabase"/>

Which I did try. Interestingly, tomcat will run, but nothing will authenticate.


ps. here is the bottom of my web.xml where I tried to enable the above:
<security-constraint>
<web-resource-collection>
<web-resource-name>/mrcjava</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>/LNGDIST/mrcmenu.html</url-pattern>
<url-pattern>/GetAttsMaint</url-pattern>
<url-pattern>/GetAttsRpt</url-pattern>
<url-pattern>/GetAttsOptions</url-pattern>
<url-pattern>/GetAttsOptionsNew</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>


<security-constraint>
<web-resource-collection>
<web-resource-name>/mrcjava</web-resource-name>
<url-pattern>/GetAttsAdmin</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>NTSADMIN</role-name>
</auth-constraint>
</security-constraint>




<login-config>
<auth-method>FORM</auth-method>
<realm-name>ldapRealm</realm-name>
<form-login-config>
<form-login-page>/LNGDIST/login.jsp</form-login-page>
<form-error-page>/LNGDIST/login_error.jsp</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>LD</role-name>
</security-role>

<security-role>
<role-name>NTSADMIN</role-name>
</security-role>

</web-app>


newbie, would appreciate any creative ideas you have.
Thanks,
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: after JNDI realm Authentication, need further specificity on authentication
 
Similar Threads
problem with ldap auto authentication on Tomcat 6.0
Configure JNDI Realm
Windwos Authentication using local window xp users and Tomcat (Prompt window to the users)
JSP and Active Directory Integration
how to redirect to success page in tomcat using its lapd configuration